User comments to blog posts.
Steve
Site Admin
Posts:
10617
Joined:
Mon Dec 06, 2004 6:46 pm
Certs:
CCNA

Lock-and-Key Security

Mon Apr 04, 2011 1:35 pm

Comments for Lock-and-Key Security.

ibarrere
Cisco Inferno
Posts:
10278
Joined:
Mon Jul 10, 2006 12:58 am

Re: Lock-and-Key Security

Mon Apr 04, 2011 1:56 pm

Nice blog, Infinite!

I had never even heard of that feature, and couldn't really think of a useful situation in which to deploy it (other than perhaps some insane Rube Goldberg Machine of networks), yet it's still pretty cool that it's out there.

ibarrere
Cisco Inferno
Posts:
10278
Joined:
Mon Jul 10, 2006 12:58 am

Re: Lock-and-Key Security

Mon Apr 04, 2011 1:58 pm

Which reminds me... why haven't we at networking-forum come up with some insane Rube Goldberg Machine of networks?

Vito_Corleone
Moderator
Posts:
9847
Joined:
Mon Apr 07, 2008 10:38 am
Certs:
CCNP RS, CCNP DC, CCDP, CCIP

Re: Lock-and-Key Security

Mon Apr 04, 2011 2:30 pm

Nice post. The transparency in your screenshots makes me hate you though.
http://blog.alwaysthenetwork.com

jdsilva
Post Whore
Posts:
5347
Joined:
Mon Jan 17, 2005 11:01 pm
Certs:
CCNP

Re: Lock-and-Key Security

Mon Apr 04, 2011 2:43 pm

Thanks guys.

Yeah, I noticed the transparency bit after I finished and couldn't be bothered to take them all over again. On the machine I'm on now I can't even see them... But I know on some you can see through them. Blame Apple. It's their terminal program.

Vito_Corleone
Moderator
Posts:
9847
Joined:
Mon Apr 07, 2008 10:38 am
Certs:
CCNP RS, CCNP DC, CCDP, CCIP

Re: Lock-and-Key Security

Mon Apr 04, 2011 2:47 pm

I keep trying to figure out what's behind them.
http://blog.alwaysthenetwork.com

jdsilva
Post Whore
Posts:
5347
Joined:
Mon Jan 17, 2005 11:01 pm
Certs:
CCNP

Re: Lock-and-Key Security

Mon Apr 04, 2011 2:48 pm

I think it was another terminal window or the OpenOffice document I drafted the blog post in.

jdsilva
Post Whore
Posts:
5347
Joined:
Mon Jan 17, 2005 11:01 pm
Certs:
CCNP

Re: Lock-and-Key Security

Mon Apr 04, 2011 2:53 pm

ibarrere wrote: Which reminds me... why haven't we at networking-forum come up with some insane Rube Goldberg Machine of networks?

Did you not see Steve's Creative Routing Contest?

ibarrere
Cisco Inferno
Posts:
10278
Joined:
Mon Jul 10, 2006 12:58 am

Re: Lock-and-Key Security

Mon Apr 04, 2011 4:34 pm

Yeah, I thought I saw something about a Catalyst in one of the background windows...

That creative routing contest is pretty cool. But, we definitely need to include hosts that sit there listening and slicing packets in half and forwarding some data to one location, some to another, eventually the packet will be reconstructed on another host who'll insert the payload into a database and have an ETL chew it up and return something else to a SOAP API, blah blah blah. I think the end result should be posting a topic to this forum though.

ibarrere
Cisco Inferno
Posts:
10278
Joined:
Mon Jul 10, 2006 12:58 am

Re: Lock-and-Key Security

Mon Apr 04, 2011 4:53 pm

ibarrere wrote: we definitely need to include hosts that sit there listening and slicing packets in half and forwarding some data to one location, some to another, eventually the packet will be reconstructed on another host who'll insert the payload into a database and have an ETL chew it up and return something else to a SOAP API, blah blah blah. I think the end result should be posting a topic to this forum though.


That sounds startlingly like the standard application logic of a former customer, actually.

scottsee
Post Whore
Posts:
1800
Joined:
Wed Feb 10, 2010 2:45 am
Certs:
NA:R&S, NA:Sec

Re: Lock-and-Key Security

Mon Apr 04, 2011 5:08 pm

Nice Blog! That's a cool feature I would probably never have known about otherwise.

mellowd
CCIE #38070
Posts:
13814
Joined:
Wed Jun 18, 2008 7:49 am
Certs:
CCIE (RS,SP), JNCIE-SP, BC-/SPNE/NP

Re: Lock-and-Key Security

Tue Apr 05, 2011 3:10 am

Interesting. Not sure I'd ever use it though

wirerat
Post Whore
Posts:
5331
Joined:
Tue Mar 31, 2009 4:15 pm
Certs:
More than none

Re: Lock-and-Key Security

Tue Apr 05, 2011 4:32 am

Very cool blog Infinite. The technology kind of reminds me of port-knocking.
"See packet, be packet, you are packet. Ignore all else!" -The Networker
packetsdropped.wordpress.com

reaper
Senior Member
Posts:
350
Joined:
Sat May 06, 2006 4:00 pm
Certs:
CCIE #37149 , CCNP, CCDA

Re: Lock-and-Key Security

Tue Apr 05, 2011 5:28 am

Can this be combined with time-based ACL? Like allowing someone to open a port at certain times but only if they know the password?
http://lostintransit.se

jdsilva
Post Whore
Posts:
5347
Joined:
Mon Jan 17, 2005 11:01 pm
Certs:
CCNP

Re: Lock-and-Key Security

Tue Apr 05, 2011 9:11 am

Interesting idea... I don't know. I'll have to try and lab that if I get some free time today.

jdsilva
Post Whore
Posts:
5347
Joined:
Mon Jan 17, 2005 11:01 pm
Certs:
CCNP

Re: Lock-and-Key Security

Tue Apr 05, 2011 10:22 am

reaper: Yes.
Code:
R1#sh access-list 101
Extended IP access list 101
    10 Dynamic LOCK permit tcp any any eq telnet time-range LOCK (inactive)
    20 permit tcp any host 1.1.1.1 eq telnet (50 matches)
    30 deny ip any any
R1#sh tim
R1#sh time-range
time-range entry: LOCK (inactive)
   periodic weekdays 9:20 to 9:30
   used in: IP ACL entry
R1#sh clock
09:17:12.667 MST Tue Apr 5 2011

Code:
R2#telnet 1.1.1.1
Trying 1.1.1.1 ... Open


User Access Verification

Username: test
Password:
[Connection to 1.1.1.1 closed by foreign host]
R2#telnet 3.3.3.3
Trying 3.3.3.3 ...
% Destination unreachable; gateway or host down

R2#

Code:
R1#sh access-list 101
Extended IP access list 101
    10 Dynamic LOCK permit tcp any any eq telnet time-range LOCK (inactive)
       permit tcp any any eq telnet time-range LOCK (inactive)
    20 permit tcp any host 1.1.1.1 eq telnet (72 matches)
    30 deny ip any any (1 match)
R1#sh clock
09:19:59.019 MST Tue Apr 5 2011

Code:
R1#sh access-list 101
Extended IP access list 101
    10 Dynamic LOCK permit tcp any any eq telnet time-range LOCK (active)
       permit tcp any any eq telnet time-range LOCK (active)
    20 permit tcp any host 1.1.1.1 eq telnet (72 matches)
    30 deny ip any any (1 match)
R1#sh clock
09:21:37.151 MST Tue Apr 5 2011

Code:
R2#telnet 3.3.3.3
Trying 3.3.3.3 ... Open


User Access Verification

Username: test
Password:
R3>
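
Added example, not part of jdsilva's post or the original blog: a small Python audit of `show access-list` output like the captures above. It reports whether each dynamic (lock-and-key) template's time-range window is open and flags a temporary entry whose source is still `any`, as in the 09:19:59 capture, where the entry created by one login permits telnet from every source. `PINNED_OUTPUT` and the address 2.2.2.2 are constructed for comparison.

```python
import re

# "show access-list" output copied from the post above (captured at 09:19:59).
PAGE_OUTPUT = """\
Extended IP access list 101
    10 Dynamic LOCK permit tcp any any eq telnet time-range LOCK (inactive)
       permit tcp any any eq telnet time-range LOCK (inactive)
    20 permit tcp any host 1.1.1.1 eq telnet (72 matches)
    30 deny ip any any (1 match)
"""

# Constructed sample: temporary entry pinned to one host (2.2.2.2 is made up).
PINNED_OUTPUT = re.sub(
    r"(?m)^(\s+permit tcp) any", r"\1 host 2.2.2.2", PAGE_OUTPUT
).replace("(inactive)", "(active)")

TEMPLATE = re.compile(r"^\s*(\d+) Dynamic (\S+) (?:permit|deny) ")
NUMBERED = re.compile(r"^\s*\d+ ")
TEMP = re.compile(r"^\s+(?:permit|deny) \S+ (\S+)")  # no sequence number
STATE = re.compile(r"time-range (\S+) \((active|inactive)\)")


def audit(show_output):
    """Return one dict per dynamic (lock-and-key) template in the ACL."""
    results, current = [], None
    for line in show_output.splitlines():
        template = TEMPLATE.match(line)
        if template:
            state = STATE.search(line)
            current = {
                "seq": int(template.group(1)),
                "name": template.group(2),
                "time_range": state.group(1) if state else None,
                "window_open": state.group(2) == "active" if state else True,
                "temp_entries": 0,
                "findings": [],
            }
            results.append(current)
        elif NUMBERED.match(line):
            current = None  # an ordinary static entry ends the dynamic block
        elif current is not None and (temp := TEMP.match(line)):
            current["temp_entries"] += 1
            if temp.group(1) == "any":
                current["findings"].append("temporary entry permits any source")
    for r in results:
        if r["time_range"] is None:
            r["findings"].append("no time-range on dynamic template")
    return results
```

On IOS, the `host` keyword of `access-enable` is what pins the temporary entry to the authenticating address instead of leaving the template's `any` source in place.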

reaper
Senior Member
Posts:
350
Joined:
Sat May 06, 2006 4:00 pm
Certs:
CCIE #37149 , CCNP, CCDA

Re: Lock-and-Key Security

Tue Apr 05, 2011 11:14 am

Cool, thanks for testing that out. Maybe when my kid gets older I'll have to stop him from playing WoW all night long. Then I can implement a time-based lock and key ACL and change the password on occasion and make him find it out through doing some math or something :)

Devious plans...:)
http://lostintransit.se

Hjackson5
New Member
Posts:
1
Joined:
Thu Dec 08, 2011 11:52 pm
Certs:
nope

Re: Lock-and-Key Security

Wed Dec 14, 2011 7:35 pm

It is obvious that I really want to be part of your site. I really love how you make people have an interest in your site, which helps me a lot. Thank you so much for this.
